FAQ: Bcrypt - Verifying passwords

This community-built FAQ covers the “Verifying passwords” exercise from the lesson “Bcrypt”.

Paths and Courses
This exercise can be found in the following Codecademy content:

(Beta) User Authentication & Authorization in Express

FAQs on the exercise Verifying passwords

There are currently no frequently asked questions associated with this exercise – that’s where you come in! You can contribute to this section by offering your own questions, answers, or clarifications on this exercise. Ask or answer a question by clicking reply below.

If you’ve had an “aha” moment about the concepts, formatting, syntax, or anything else with this exercise, consider sharing those insights! Teaching others and answering their questions is one of the best ways to learn and stay sharp.

Could be the only one this has happened to but I just want to say this exercise is a little bit bugged. I had to do with “Replace with Code Solution” because it would not evaluate the code I put into the browser after I did the node app.js bit then clicking check your work. I just deleted what the Code Solution put in and went through the steps so I could learn anyways. I really think Bcrypt is neat… And would be an excellent CS themed Halloween costume… Tales from the Bcrypt keeper? Anyone !??

This exercise makes no sense…
We create a function just to call a method giving the same result by itself.
It is like doing:

const isTrueOrFalse = something => !!something;

const isTrueOrFalseTrueOrFalse = (something) => {
  const result = isTrueOrFalse(something);
  return result;
};

It states that the bcrypt.compare() function extracts the salt from the stored password’s hash in order to hash the entered password provided to compare with. How is this possible? This is a hash of the salt and the password combined. You shouldn’t be able to retrieve the salt from the hash any more than you could retrieve the password from the hash. And in the next lesson “Bcrypt in a CRUD app”, the salt is not stored to the DB, only the hash. So how does this work?
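
On the salt question above, as an added example that is not part of the original thread or the exercise: the value bcrypt stores is a 60-character formatted string that holds the version, the cost, the salt and the digest side by side, so the salt is read back out of it rather than recovered from the digest. The function names and the sample string below are assumptions chosen for this illustration.

```javascript
// bcrypt's own base64 alphabet (it differs from standard base64).
const BCRYPT_B64 =
  './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Decode bcrypt-base64 text into bytes; leftover bits (fewer than 8) are dropped.
function decodeBcryptB64(text) {
  const bytes = [];
  let acc = 0;
  let bits = 0;
  for (const ch of text) {
    const v = BCRYPT_B64.indexOf(ch);
    if (v < 0) throw new Error(`invalid bcrypt base64 character: ${ch}`);
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((acc >> bits) & 0xff);
      acc &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Uint8Array.from(bytes);
}

// Split a stored bcrypt string into its parts: $version$cost$ + salt + digest.
function parseBcryptHash(stored) {
  const layout =
    /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;
  const m = layout.exec(stored);
  if (!m) throw new Error('not a bcrypt hash string');
  const [, version, cost, saltText, digestText] = m;
  return {
    version,                          // algorithm variant, e.g. "2a" or "2b"
    cost: Number(cost),               // work factor: 2^cost key-setup rounds
    saltText,                         // 22 characters, stored unhashed
    salt: decodeBcryptB64(saltText),  // the 16 raw salt bytes
    digestText,                       // 31 characters: the actual hash output
  };
}

// Sample string in bcrypt's format (assumed for illustration only).
const SAMPLE = '$2a$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW';

const parts = parseBcryptHash(SAMPLE);
console.log(parts.version, parts.cost, parts.saltText, parts.salt.length);
```

A compare step reads `cost` and `salt` from the stored string, hashes the entered password with them, and checks the result against `digestText`, which is why storing only this one string in the database is enough.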